Filtered by vendor Microsoft
Subscribe
Total
19962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3006 | 1 Microsoft | 4 Office, Office Compatibility Pack, Office Excel Viewer and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." | |||||
| CVE-2008-3005 | 1 Microsoft | 1 Office | 2024-11-21 | 9.3 HIGH | N/A |
| Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability." | |||||
| CVE-2008-3004 | 1 Microsoft | 2 Office, Office Excel Viewer | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." | |||||
| CVE-2008-3003 | 1 Microsoft | 1 Office | 2024-11-21 | 6.6 MEDIUM | N/A |
| Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability." | |||||
| CVE-2008-2959 | 1 Microsoft | 1 Visual Basic Enterprise Edition | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function. | |||||
| CVE-2008-2949 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. | |||||
| CVE-2008-2948 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. | |||||
| CVE-2008-2947 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. | |||||
| CVE-2008-2841 | 2 Microsoft, Xchat | 3 Internet Explorer, Windows Nt, Xchat | 2024-11-21 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. | |||||
| CVE-2008-2821 | 2 Glub, Microsoft | 2 Secure Ftp, Windows Nt | 2024-11-21 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | |||||
| CVE-2008-2752 | 1 Microsoft | 1 Word | 2024-11-21 | 7.1 HIGH | N/A |
| Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2747 | 2 Microsoft, No-ip | 2 Windows, Dynamic Update Client | 2024-11-21 | 2.1 LOW | N/A |
| No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values. | |||||
| CVE-2008-2674 | 4 Fujitsu, Microsoft, Redhat and 1 more | 11 Interstage Application Server Enterprise, Interstage Application Server Plus, Interstage Application Server Plus Developer and 8 more | 2024-11-21 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. | |||||
| CVE-2008-2547 | 1 Microsoft | 1 Windows Installer | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control. | |||||
| CVE-2008-2540 | 2 Apple, Microsoft | 6 Safari, Internet Explorer, Windows Server 2003 and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
| Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | |||||
| CVE-2008-2463 | 1 Microsoft | 1 Office Snapshot Viewer Activex | 2024-11-21 | 6.8 MEDIUM | N/A |
| The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-2430 | 2 Microsoft, Videolan | 2 Windows Nt, Vlc Media Player | 2024-11-21 | 9.3 HIGH | N/A |
| Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | |||||
| CVE-2008-2427 | 4 Freebsd, Microsoft, Pagesperso-orange and 1 more | 6 Freebsd, Windows Nt, Gfl Sdk and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file. | |||||
| CVE-2008-2326 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label. | |||||
| CVE-2008-2307 | 2 Apple, Microsoft | 5 Mac Os X, Safari, Windows and 2 more | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | |||||